CVE-2021-45067 PoC — Adobe Acrobat Reader DC Buffer Error Vulnerability

Source
Associated Vulnerability
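Title: Adobe Acrobat Reader DC Buffer Error Vulnerability (CVE-2021-45067)
Description: Adobe Acrobat Reader DC is a PDF reading tool from Adobe, a US company, used to reliably view, print and annotate PDF documents. Adobe Acrobat Reader DC contains a security vulnerability: an attacker can exploit it by enticing a victim to open a specially crafted PDF file, triggering an out-of-bounds read error and reading memory contents on the system.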
Description
Adobe Reader DC Information Leak Exploit 
Readme
# CVE-2021-45067

This bug is an `Out of Bounds Read` caused by treating an `ANSI` string as a `Unicode` string, which can be exploited to leak sensitive information from the sandboxed Adobe Reader process.

## Blog

- [Adobe Reader - XFA - ANSI - Unicode Confusion Information Leak](https://www.hacksys.io/blogs/adobe-reader-xfa-ansi-unicode-confusion-information-leak)

## Advisory

-   [CVE-2021-45067](https://hacksys.io/advisories/HI-2021-002)

## Demo

[![Adobe Reader - XFA - ANSI - Unicode Confusion Information Leak Exploit](https://img.youtube.com/vi/2QNmhwN_I4w/0.jpg)](https://www.youtube.com/watch?v=2QNmhwN_I4w)
File Snapshot

[4.0K] /data/pocs/f1c5819962b94ece43554a645be3dd72926baa21
├── [6.7K] 4bafcb7423f2b53e1a729dca395e549cfdb04fc1.pdf
├── [ 18K] exploit.pdf
├── [ 34K] LICENSE
├── [ 611] README.md
├── [1.2K] web-server-post.py
├── [1.2K] xfa.js
└── [ 11K] xfa.xml

0 directories, 7 files